94cd9492b585b429bafb860f36dd1d60_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

94cd9492b585b429bafb860f36dd1d60_NeikiAnalytics.exe
Size

84KB
MD5

94cd9492b585b429bafb860f36dd1d60
SHA1

c2781ba399d127d1cc874b5826a7ef64b490328f
SHA256

67c1a1dc58a1fc642eb82236629607fa84e9eca74c34c8bde2e7de8c16b42361
SHA512

97d42b073c6a82b01171d208b26deee3d33bbd231360f238c9d58af311b7eb7ca7c2c56f6e9c83d9f02e206873cbea1f28c248d66553140e666b70ebad1ef005
SSDEEP

1536:HrHcfYTgHvOFcn/Mm7IEdpUJ7rogaZGa9F:zc7vnfcEdpUJfogaZ/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94cd9492b585b429bafb860f36dd1d60_NeikiAnalytics.exe

Files

94cd9492b585b429bafb860f36dd1d60_NeikiAnalytics.exe
.dll windows:4 windows x86 arch:x86

fb4a43a1b663e854674f15c2bd7a2a89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gutl

??0CWNProcess@@QAE@XZ
??0CWNEnumProcesses@@QAE@XZ
?GetName@CWNModule@@QAEPBDXZ
?GetNextProcess@CWNEnumProcesses@@QAEHAAVCWNProcess@@@Z
??1CWNEnumProcesses@@QAE@XZ
??1CWNProcess@@QAE@XZ

comctl32

ord17

kernel32

GetCommandLineA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
ExitProcess
TerminateProcess
GetACP
LCMapStringA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LCMapStringW
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GlobalAddAtomA
GetCurrentThreadId
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalLock
GlobalReAlloc
GlobalAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcpynA
GetVersion
GetProcAddress
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
lstrcmpiA
GlobalGetAtomNameA
FreeLibrary
LoadLibraryA
SetLastError
GetLastError
GetProcessVersion
lstrcmpA
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentProcess
WriteFile
InterlockedDecrement

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
MapWindowPoints
GetSysColor
PostMessageA
LoadIconA
EnableWindow
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
SetWindowsHookExA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
IsIconic
SystemParametersInfoA
RegisterWindowMessageA

gdi32

GetClipBox
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateBitmap
SetTextColor
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Exports

Exports

_IsAlreadyRunning@4

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb4a43a1b663e854674f15c2bd7a2a89

Headers

File Characteristics

Imports

gutl

comctl32

kernel32

user32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 13KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 13KB

.reloc
Size: 12KB - Virtual size: 9KB